DDoS defense policy settings for non-website services

This topic describes the DDoS defense policies that Anti-DDoS Pro provides for non-web services. Refer to this topic to optimize the anti-DDoS protection settings of your non-web service.

The DDoS defense policies for non-web services in Anti-DDoS Pro are based on IP and port protection. For the IPs and ports of the non-web services that Anti-DDoS Pro protects, you can limit the connection rate and the packet length to relieve small-traffic connectivity attacks.

To set the DDoS defense policies for non-web service, follow these steps:

Defense against false sources and null session connections. This policy only applies to TCP rules.

New Connection Speed Limits for Source IP

The maximum number of new connections per second from a single source IP. New connections that exceed the limit are discarded. Because the protection devices are deployed in clusters, the enforced rate may deviate somewhat from the configured limit.

Concurrent Connection Speed Limits for Source

The maximum number of concurrent connections from a single source IP. Connections that exceed the limit are discarded.

New Connection Speed Limits for Destination IP

The maximum number of new connections per second to a single destination IP and port. New connections that exceed the limit are discarded. Because the protection devices are deployed in clusters, the enforced rate may deviate somewhat from the configured limit.

Concurrent Connection Speed Limits for Destination IP

The maximum number of concurrent connections to a single destination IP and port. Connections that exceed the limit are discarded.

Packet Length Filtering

The limit on the length of the payload carried in a packet (unit: byte). Packets that exceed the limit are discarded.
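
The following is an added example, not Anti-DDoS Pro code or its API: a single-node dry run that replays a connection log against candidate values for the four connection limits and the packet length limit, so you can see which legitimate traffic a setting would discard before you apply it. The `Policy` field names, the event tuple layout, the sliding one-second window and the sample addresses are assumptions made for illustration; the clustered deployment described above means real enforcement can deviate from this model.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical field names, not Anti-DDoS Pro parameter names
    src_new_cps: int     # new connections per second from one source IP
    src_concurrent: int  # concurrent connections from one source IP
    dst_new_cps: int     # new connections per second to one destination IP and port
    dst_concurrent: int  # concurrent connections to one destination IP and port
    max_payload: int     # payload length limit in bytes

def dry_run(events, policy):
    """Return [(event_index, reason)] for every event the policy would discard.
    events: time-ordered (ts, kind, conn_id, src, dst, port, payload_len) tuples."""
    recent = defaultdict(deque)  # key -> times of accepted opens in the last second
    active = defaultdict(int)    # key -> accepted connections still open
    accepted = {}                # conn_id -> (source key, destination key)
    dropped = []
    for i, (ts, kind, conn, src, dst, port, length) in enumerate(events):
        if kind == "close":
            for key in accepted.pop(conn, ()):
                active[key] -= 1
        elif kind == "data":
            if conn in accepted and length > policy.max_payload:
                dropped.append((i, "payload_length"))
        else:  # "open"
            s_key, d_key = ("src", src), ("dst", dst, port)
            for key in (s_key, d_key):  # expire opens older than one second
                while recent[key] and ts - recent[key][0] >= 1.0:
                    recent[key].popleft()
            checks = [
                (len(recent[s_key]) >= policy.src_new_cps, "src_new_rate"),
                (active[s_key] >= policy.src_concurrent, "src_concurrent"),
                (len(recent[d_key]) >= policy.dst_new_cps, "dst_new_rate"),
                (active[d_key] >= policy.dst_concurrent, "dst_concurrent"),
            ]
            reason = next((name for hit, name in checks if hit), None)
            if reason:
                dropped.append((i, reason))
            else:  # only accepted connections count toward the limits
                accepted[conn] = (s_key, d_key)
                for key in (s_key, d_key):
                    recent[key].append(ts)
                    active[key] += 1
    return dropped

# Constructed sample: one client opens three connections in 0.2 s, then sends data.
C, S = "198.51.100.7", "203.0.113.10"
SAMPLE = [(0.0, "open", 1, C, S, 5222, 0), (0.1, "open", 2, C, S, 5222, 0),
          (0.2, "open", 3, C, S, 5222, 0), (0.3, "data", 1, C, S, 5222, 4000),
          (1.5, "open", 4, C, S, 5222, 0)]
```

Replaying a baseline log of known-good traffic with `dry_run` and tightening the limits until the first legitimate event is reported gives a starting value for each setting.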